split compose file; added option to choose reverse proxy

changed script outputs

docker-compose.nginx.yaml

@@ -0,0 +1,23 @@
+version: '3.5'
+
+
+services:
+
+  # nginx container
+  nginx:
+    container_name: nginx
+    hostname: ${HOSTNAME}
+    image: nginx:latest
+    volumes:
+      - ./nginx-docker/configs/:/etc/nginx/
+      - ./certificates/certs/:/etc/ssl/certs/
+      - ./certificates/private/:/etc/ssl/private/
+      - ./certificates/dhparam.pem:/etc/nginx/dhparam.pem
+    ports:
+      - "80:80"
+      - "443:443"
+      - "853:853"
+    networks:
+      dns_network0:
+        ipv4_address: 172.16.1.2
+    restart: always

docker-compose.traefik.yaml

@@ -0,0 +1,104 @@
+version: '3.5'
+
+
+services:
+
+  # DoH server container
+  doh_server:
+    networks:
+      traefik_proxy:
+        ipv4_address: 172.16.0.3
+
+  # pihole container
+  pihole:
+    networks:
+      traefik_proxy:
+        ipv4_address: 172.16.0.4
+
+  # nginx container
+  nginx:
+    container_name: nginx
+    hostname: ${HOSTNAME}
+    image: nginx:latest
+    volumes:
+      - ./nginx-docker/configs/:/etc/nginx/
+      - ./certificates/certs/:/etc/ssl/certs/
+      - ./certificates/private/:/etc/ssl/private/
+      - ./certificates/dhparam.pem:/etc/nginx/dhparam.pem
+    expose:
+      - 853
+    networks:
+      dns_network0:
+        ipv4_address: 172.16.1.2
+      traefik_proxy:
+        ipv4_address: 172.16.0.2
+    restart: always
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=traefik_proxy
+  ##### tcp
+    ### services
+      # backend port
+      - traefik.tcp.services.svc-nginx_dot.loadbalancer.server.port=853
+    ### routers
+      # DoT forward
+      - traefik.tcp.routers.rou_encr-nginx_dot.entrypoints=dot
+      - traefik.tcp.routers.rou_encr-nginx_dot.rule=HostSNI(`*`)
+      - traefik.tcp.routers.rou_encr-nginx_dot.tls.passthrough=true
+      - traefik.tcp.routers.rou_encr-nginx_dot.service=svc-nginx_dot
+
+  # træfik container
+  traefik:
+    container_name: traefik
+    hostname: ${HOSTNAME}
+    image: traefik:v2.0
+    environment:
+      - TZ=${TZ:-Europe/London}
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./traefik-docker/configs/:/etc/traefik/
+      - ./traefik-docker/shared/:/shared/:ro
+      - ./certificates/certs:/etc/ssl/certs/
+      - ./certificates/private/:/etc/ssl/private/
+    ports:
+      - "80:80"
+      - "443:443"
+      - "853:853"
+      - "8080:8080"
+    networks:
+      traefik_proxy:
+        ipv4_address: 172.16.0.250
+    restart: always
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=traefik_proxy
+  ##### http
+    ### services
+      # backend port
+      - traefik.http.services.svc-traefik.loadbalancer.server.port=8080
+    ### routers
+      # redirect http to https
+      - traefik.http.routers.rou-traefik.entrypoints=http
+      - traefik.http.routers.rou-traefik.rule=Host(`traefik.${DOMAIN}`)
+      - traefik.http.routers.rou-traefik.middlewares=https_redirect@file
+      # traefik dashboard
+      - traefik.http.routers.rou_encr-traefik.entrypoints=https
+      - traefik.http.routers.rou_encr-traefik.rule=Host(`traefik.${DOMAIN}`)
+      - traefik.http.routers.rou_encr-traefik.tls=true
+      - traefik.http.routers.rou_encr-traefik.tls.options=default
+      - traefik.http.routers.rou_encr-traefik.middlewares=secure_headers@file
+      - traefik.http.routers.rou_encr-traefik.service=svc-traefik
+
+
+networks:
+  # Bridge network for træfik's communication
+  traefik_proxy:
+    name: traefik_proxy
+    driver: bridge
+    driver_opts:
+      encrypted: "true"
+    ipam:
+      config:
+        - subnet: 172.16.0.0/24
+    attachable: false

docker-compose.yaml

@@ -3,25 +3,6 @@ version: '3.5'
 
 services:
 
-#  # ngix container
-#  nginx:
-#    container_name: nginx
-#    hostname: ${HOSTNAME}
-#    image: nginx:latest
-#    volumes:
-#      - ./nginx-docker/configs/:/etc/nginx/
-#      - ./certificates/certs/:/etc/ssl/certs/
-#      - ./certificates/private/:/etc/ssl/private/
-#      - ./certificates/dhparam.pem:/etc/nginx/dhparam.pem
-#    ports:
-#      - "80:80"
-#      - "443:443"
-#      - "853:853"
-#    networks:
-#      dns_network0:
-#        ipv4_address: 172.16.1.2
-#    restart: always
-
   # DoH server container
   doh_server:
     container_name: doh_server
@@ -34,12 +15,10 @@ services:
     networks:
       dns_network0:
         ipv4_address: 172.16.1.3
-      traefik_proxy:
-        ipv4_address: 172.16.0.3
     restart: always
     labels:
       - traefik.enable=true
-      - traefik.docker.network=traefik_proxy
+      - traefik.docker.network=${TRAEFIK_NETWORK:-traefik_proxy}
   ##### http
     ### services
       # backend port
@@ -77,14 +56,12 @@ services:
     networks:
       dns_network0:
         ipv4_address: 172.16.1.4
-      traefik_proxy:
-        ipv4_address: 172.16.0.4
     dns:
       - 127.0.0.1
     restart: always
     labels:
       - traefik.enable=true
-      - traefik.docker.network=traefik_proxy
+      - traefik.docker.network=${TRAEFIK_NETWORK:-traefik_proxy}
   ##### http
     ### services
       # backend port
@@ -130,7 +107,8 @@ services:
 #    ### routers
 #      # DoT forward
 #      - traefik.tcp.routers.rou_encr-pihole_dns.entrypoints=dot
-#      - traefik.tcp.routers.rou_encr-pihole_dns.rule=HostSNI(`dot.${DOMAIN}`)
+##      - traefik.tcp.routers.rou_encr-pihole_dns.rule=HostSNI(`dot.${DOMAIN}`)
+#      - traefik.tcp.routers.rou_encr-pihole_dns.rule=HostSNI(`*`)
 #      - traefik.tcp.routers.rou_encr-pihole_dns.tls=true
 #      - traefik.tcp.routers.rou_encr-pihole_dns.tls.options=default
 #      - traefik.tcp.routers.rou_encr-pihole_dns.service=svc-pihole_dns
@@ -155,49 +133,6 @@ services:
     labels:
       - traefik.enable=false
 
-  # træfik container
-  traefik:
-    container_name: traefik
-    hostname: ${HOSTNAME}
-    image: traefik:v2.0
-    environment:
-      - TZ=${TZ:-Europe/London}
-    volumes:
-      - /etc/localtime:/etc/localtime:ro
-      - /var/run/docker.sock:/var/run/docker.sock
-      - ./traefik-docker/configs/:/etc/traefik/
-      - ./traefik-docker/shared/:/shared/:ro
-      - ./certificates/certs:/etc/ssl/certs/
-      - ./certificates/private/:/etc/ssl/private/
-    ports:
-      - "80:80"
-      - "443:443"
-      - "853:853"
-      - "8080:8080"
-    networks:
-      traefik_proxy:
-        ipv4_address: 172.16.0.250
-    restart: always
-    labels:
-      - traefik.enable=true
-      - traefik.docker.network=traefik_proxy
-  ##### http
-    ### services
-      # backend port
-      - traefik.http.services.svc-traefik.loadbalancer.server.port=8080
-    ### routers
-      # redirect http to https
-      - traefik.http.routers.rou-traefik.entrypoints=http
-      - traefik.http.routers.rou-traefik.rule=Host(`traefik.${DOMAIN}`)
-      - traefik.http.routers.rou-traefik.middlewares=https_redirect@file
-      # traefik dashboard
-      - traefik.http.routers.rou_encr-traefik.entrypoints=https
-      - traefik.http.routers.rou_encr-traefik.rule=Host(`traefik.${DOMAIN}`)
-      - traefik.http.routers.rou_encr-traefik.tls=true
-      - traefik.http.routers.rou_encr-traefik.tls.options=default
-      - traefik.http.routers.rou_encr-traefik.middlewares=secure_headers@file
-      - traefik.http.routers.rou_encr-traefik.service=svc-traefik
-
 
 networks:
   # Bridge network for internal communication
@@ -209,15 +144,4 @@ networks:
     ipam:
       config:
         - subnet: 172.16.1.0/24
-    attachable: false
-
-  # Bridge network for træfik's communication
-  traefik_proxy:
-    name: traefik_proxy
-    driver: bridge
-    driver_opts:
-      encrypted: "true"
-    ipam:
-      config:
-        - subnet: 172.16.0.0/24
     attachable: false